[Bug 1797148] Re: vault: support operator configuration of kv mountpoint
James Page
james.page at ubuntu.com
Thu Oct 11 12:38:27 UTC 2018
FFe details
===========
1) builds:
See PPA - https://launchpad.net/~james-page/+archive/ubuntu/vault-
production
2) installs and upgrades:
Existing packages deployed and then upgraded to PPA built packages OK
3) does not break packages which depend on it, or that corresponding
updates have been prepared.
Barbican and castellan covered under same bug, changes implemented in a
backwards compatible way (they don't change the existing function).
4) Verification
Barbican configured with approle based authentication and a non-default
KV mountpoint using proposed packages, secrets correct stored and
retrieved using Vault via the Barbican API.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to barbican in Ubuntu.
https://bugs.launchpad.net/bugs/1797148
Title:
vault: support operator configuration of kv mountpoint
Status in castellan:
In Progress
Status in barbican package in Ubuntu:
In Progress
Status in python-castellan package in Ubuntu:
In Progress
Bug description:
The vault integration currently hard-codes the KV mountpoint on
'secrets' - this is the name of the enabled by default KV store in
vault, but is probably not typical in a hardened deployment where
multiple KV mountpoints may be used for different purposes.
Defaulting to 'secrets' is fine, but having a config option to allow
end user configuration would be beneficial.
To manage notifications about this bug go to:
https://bugs.launchpad.net/castellan/+bug/1797148/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list